troj/rustock


Re: troj/rustock

Post by ddavydenko on 3rd January 2009, 9:45 pm

I tried this method on my Vista SP1 - it worked out great! But it has some differences in workflow. Here they are:
- the name of that driver file was slightly different (the last 4 or 5 letters were different);
- during the Avenger run the system reboots twice (the second time it does so by itself - the user has nothing to do about that);
- after Avenger I ran MBAM again (just to make sure there is no malware anymore) and found out that the file itself is still there but it is not running (I guess because the service was removed already), so I made MBAM remove this file once again and that was it - one more run of MBAM confirmed the system is clear.

Here are also some notes about what this malware does and how it behaves:
- seems this stuff is kinda smart: every time I tried to run an antivirus which could destroy it, that antivirus was not able to update its virus definition DB and so was not able to recognize this malware.
- some programs were crashing into a blue screen (like MS Visual Studio 2008), which tells me that again this stuff tries to prevent everything that could destroy it from running.
- I was not even able to open some links in the browser that contain its name (rustok-N).

P.S. And of course I cannot help but say "THANK YOU" to Belahzur, who's done a great job explaining the fix procedure step by step. I have not seen too many professionals over the net who are capable of actually helping someone remotely. Once again, great job!


Re: troj/rustock

Post by Belahzur on 3rd January 2009, 9:49 pm

Split off post.
So this machine is now clean?

Glad I could help, but please note:

Tools that were posted to be run by other users may not have the same effect on your machine and may damage it; that's why, under the Avenger script, it says "This code is made for this user".


Please PM me if I fail to respond within 24hrs.



Re: troj/rustock

Post by Doctor Inferno on 21st February 2009, 10:01 am

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

